We use cookies to ensure that we give you the best experience on our website. By continuing to browse or closing this banner, you acknowledge that you have read and agree to our Privacy Policy and Terms of Service.

Upcoming Webinar: Fundamentals of Locators & XPath in Selenium.

Register Now >


Last Updated: 10th November 2020

This Data Protection Addendum (“DPA”)is incorporated into and made part of the Terms of Service (“Terms”) and governs the Processing of Personal Data by LambdaTest as a Processor on behalf of Customer or Customer Affiliates, as applicable. Unless otherwise defined in this DPA, capitalized terms shall have the same meaning as given to them in the Terms.

1. Definition

“Appropriate Technical and Organizational Measures”, “Personal Data”, “Personal Data Breach”, “Process / Processing”, “Controller”, “Processor”, “Subprocessor” and “Data Subject” shall have the same meaning as ascribed to them under the GDPR provided that “Personal Data” as used herein only applies to Personal Data for which LambdaTest is a Processor.

“Data Protection Legislation” means applicable laws and regulations relating to the privacy and security of Personal Information, including but not limited to GDPR, as such laws shall be amended, revised or replaced from time to time.

“Data Protection Officer” means a data protection officer appointed pursuant to Data Protection Legislation.

“Delete” means removing or obliterating Personal Data such that it cannot be recovered or reconstructed.

“GDPR” means General Data Protection Regulation (EU) of 2016/679

“Restricted Transfer” means any transfer of Personal Data to countries outside of the European Economic Area (EEA) which are not subject to an adequacy decision by the European Commission, where such transfer would be prohibited by Data Protection Legislation.

“Standard Contractual Clauses” means the contractual clauses dealing with the transfer of Personal Data outside the EEA, which have been approved by (i) the European Commission under the Data Protection Legislation, or (ii) by a competent supervisory authority under Data Protection Legislation.

“Security Features” means any security feature, including any encryption, pseudonymization, key, PIN, password, token or smart card.

2. Data Processing

a. LambdaTest shall:

  • Process Personal Data for the legitimate business purpose only and/or to provide LambdaTest Services to the Customer or Permitted Users.
  • Process Personal Data only in accordance with the specific instructions of the Customer or Permitted Users unless Processing is required by applicable laws. Such instructions can be in writing or by electronic means.
  • Comply with all applicable Data Protection Laws in the Processing of Personal Data

b. Each Customer or Permitted User hereby instructs and authorizes LambdaTest (and authorizes LambdaTest to instruct each subprocessor) to Process Personal Data and Account-Related Information for the above purposes including authorizing LambdaTest to transfer such data to any country or territory as reasonably necessary for the provision of LambdaTest Services and consistent with the Terms.

3. LambdaTest Personnel

LambdaTest shall take reasonable steps to ensure the reliability of all its employees who have access to Personal Data and Account-Related Information and to ensure that such employees have committed themselves to a binding duty of confidentiality in respect of such Personal Data and Account-Related Information.

4. Parties' Obligations

a. LambdaTest shall:

  • Make copies of the Account-Related Information and Personal Data only to the extent reasonably necessary for the provision of LambdaTest Services.
  • Retain all Account-Related Information and Personal Data during the validity of the Subscription Term and as per the Subscription Plan purchased by the Customer. In case of Termination for any reason, unless otherwise agreed, LambdaTest may, at its sole discretion, Delete all or part of the Account-Related Information and Personal Data within such time period as we may deem appropriate.
  • Provide copy of all Account-Related Information and Personal Data held by LambdaTest to the Customer or Permitted Users in a commonly used format and medium.
  • Obtain prior written approval of the Customer before using or making available any Account-Related Information or Personal Data other than as provided for in the Terms.

b. Customer acknowledges that LambdaTest is under no duty to investigate or ensure the completeness, accuracy or sufficiency of (i) any instructions received from the Customer or (ii) any Account-Related Information or Personal Data.

c. Customer shall:

  • Ensure that Customer is entitled to transfer Account-Related Information and Personal Data to LambdaTest so that LambdaTest may lawfully process and transfer the said information in accordance with the Terms;
  • Ensure that relevant Data Subjects have been informed of, and have given their consent to, such use, processing and transfer as required under Data Protection Legislation;
  • Notify LambdaTest in writing about delay or any situation or development that shall in any way influence, change or limit the ability of LambdaTest to process Account-Related Information or Personal Data as set out in the Terms;
  • Ensure that that the Account-Related Information or Personal Data sent to LambdaTest for Processing pursuant to the Terms is :
    • Obtained lawfully, fairly and in transparent manner in relation to the Data Subject (including in respect of how consent is obtained);
    • collected and processed for specified, explicit and legitimate purposes, and not further processed in a manner incompatible with those purposes;
    • adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
    • accurate, and where necessary kept up to date;
    • erased or rectified without delay where it is inaccurate, having regard to the purposes for which they are processed;
    • processed in a manner that ensures appropriate security of the Account-Related Information and Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using Appropriate Technical and Organizational Measures; and

5. Security And Audit

a. LambdaTest shall, in accordance with requirements under the Data Protection Legislation, implement Appropriate Technical and Organizational Measures to safeguard the Account-Related Information and Personal Data from unauthorized or unlawful Processing, or accidental loss, alteration, disclosure, destruction or damage, and that, having regard to the state of technological development and the cost of implementing any measures.

b. LambdaTest shall, in accordance with Data Protection Laws, make available to the Customer such information in LambdaTest’s possession or control as the Customer may reasonably request with a view to demonstrating LambdaTest’s compliance with the obligations of data processors under Data Protection Laws in relation to its processing of Personal Data.

c. The Customer may exercise its right of audit under Data Protection Laws in relation to Personal Information. Customer acknowledges that doing the following is sufficient for satisfying Customer’s right to an audit:

  • Providing (a) an audit report not older than eighteen (18) months, prepared by an independent external auditor demonstrating that LambdaTest’s technical and organizational measures are sufficient and in accordance with an accepted industry audit standard; and
  • Additional information in LambdaTest’s possession or control to an EU supervisory authority when it requests or requires additional information in relation to the Processing of Personal Data carried out by LambdaTest under the Terms, including this DPA.

6. Data Subject Rights And Requests

a. Taking into account the nature of the Processing, LambdaTest Service provides functionality to assist Customer by Appropriate Technical and Organizational Measures, insofar as this is possible, to access, correct, amend, restrict, or delete Personal Data contained in LambdaTest Services to address requests by a Data Subject under the GDPR. To the extent Customer, in its use of LambdaTest Services, is not familiar with LambdaTest Services functionality that may be used for these purposes, LambdaTest will provide Customer with additional Documentation or customer support assistance to educate the Customer on how to take such actions.

b. LambdaTest shall, notify Customer as soon as reasonably practicable if it receives:

  • a request from a Data Subject for access to that person’s Personal Data (relating to the LambdaTest Services);
  • any communication from a Data Subject (relating to the LambdaTest Services) seeking to exercise rights conferred on the Data Subject by Data Protection Legislation in respect of Personal Data; or
  • any complaint or any claim for compensation arising from or relating to the Processing of such Personal Data.

c. LambdaTest shall not disclose the Personal Data to any Data Subject or to a third party other than at the request of Customer, as provided for in this DPA, or as required by law in which case LambdaTest shall to the extent permitted by law inform Customer of that legal requirement before Customer discloses the Personal Data to any Data Subject or third party.

d. LambdaTest shall not respond to any request from a Data Subject except on the documented instructions of Customer or an Permitted User or as required by law, in which case LambdaTest shall to the extent permitted by law inform Customer of that legal requirement before LambdaTest respond to the request.

7. Personal Data Breach Reporting

a. LambdaTest shall notify Customer without undue delay upon LambdaTest or any Subprocessor becoming aware of a Personal Data Breach, providing Customer with sufficient information to allow Customer to meet any obligations to report or inform (a) affected Data Subjects, and (b) any other persons or entities required to be recipients of a notification, of the Personal Data Breach.

b. LambdaTest shall use commercially reasonable efforts to cooperate with Customer and take such commercially reasonable steps as are directed by Customer to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

8. Return Or Disposal

Prior to or upon termination or expiration of the Terms for any reason, Customer may retrieve Personal Data processed by LambdaTest Services in accordance with the Terms at Customer’s request provided in writing to LambdaTest. LambdaTest shall, as soon as possible, return or delete Personal Data from LambdaTest Services, unless applicable law requires storage of the Personal Data.

9. Restricted Transfers

a. LambdaTest may transfer and access Personal Data to and from other countries, for provision of LambdaTest Services, where LambdaTest has operations or Subprocessors or as otherwise required by the applicable law.

b. A Restricted Transfer may not be made by LambdaTest (other than transfers to Affiliates and by any agents and Subprocessors for the purposes of performing the LambdaTest Services, and Customer shall use commercially reasonable efforts to obtain explicit consent from relevant Data Subjects in respect of such potential transfers) without the prior written consent of Customer (such consent not to be unreasonably withheld, delayed or conditioned), and if such consent has been obtained (or is unnecessary), such Restricted Transfer may only be made where there are Appropriate Technical and Organisational Measures in place with regard to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, Privacy Shield, binding corporate rules, or any other model clauses approved by the applicable supervisory authority).

10. Subprocessors

a. Customer authorizes LambdaTest to appoint (and permit each Subprocessor appointed in accordance with this section 10 to appoint) Subprocessors in accordance with this section 10 and any restrictions in the Terms without any prior approval.

b. LambdaTest may continue to use those Subprocessors already engaged by LambdaTest or any LambdaTest Affiliate as at the date of this DPA, subject to LambdaTest in each case as soon as practicable meeting the obligations set out in section 10.d. A list of the categories of Subprocessors appointed by LambdaTest is maintained on our Website at Sub-Processors. If Customer objects to such sub-processing arrangements, then Customer must notify LambdaTest and, if Customer does so confirm, Customer acknowledges that Customer may no longer be able to avail of some or all of the LambdaTest Services.

c. With respect to each Subprocessor, LambdaTest shall,

  • (i) before the Subprocessor first Processes Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Personal Data required by the Terms and this DPA;
  • (ii) ensure that the arrangement between LambdaTest, or its Affiliate or the relevant intermediate Subprocessor, and the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Personal Data as those set out in this DPA; and

d. LambdaTest shall remain fully liable to Customer in respect of any failure by the Subprocessor to fulfil its data protection obligations regarding Personal Data.

11. Data Privacy Contact

LambdaTest shall appoint a Data Privacy Officer, if required to do so pursuant to Data Protection Legislation in connection with the performance of the LambdaTest Services and can be reached at [email protected]